Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Date of Graduation

5-5-2021

Document Type

Thesis

Degree Name

Master of Science (MS)

Department

Department of Computer Science

Advisor(s)

Brett Tjaden

M. Hossain Heydari

Xunhua Wang

Abstract

The world is continually demanding more effective and intelligent solutions and strategies to combat adversary groups across the cyber defense landscape. Cyber Threat Intelligence (CTI) is a field within the domain of cyber security that allows organizations to utilize threat intelligence and serves as a tool for proactively hardening their defense posture. However, there is a large volume of CTI, and it is often a daunting task for organizations to effectively consume, utilize, and apply it to their defense strategies. In this thesis we develop a machine learning solution, named RedAI, to investigate whether open-source intelligence (OSINT) can be effectively integrated into a working approach that accurately classifies cyber threat intelligence. By focusing on open-source and easily available resources, RedAI demonstrates how to use the Structured Threat Information Expression (STIX) (OASIS, 2017) language to objectify, collect, and integrate intelligence and align it to the MITRE ATT&CK framework (MITRE ATT&CK Enterprise, 2021). To test the accuracy of this solution, machine learning models were built using training data and then further tested with test data to determine the model's effectiveness at classifying unknown threat intelligence. The results showed that RedAI could, with high accuracy, use OSINT cyber threat intelligence data to build a machine learning model and then classify unknown test threat intelligence. Based on these findings, it is apparent that organizations have the ability to leverage OSINT and advanced solutions to augment their cyber defense posture.
